Playbook: Splunk Attack Analyzer Dynamic Analysis

Description

Accepts url link, domain or vault_id (hash) to be detonated using Splunk Attacker (SAA) API connector. This playbook produces a normalized output for each user and device.

Type: Investigation Date: 2023-03-24 Author: Teoderick Contreras, Splunk; Kelby Shelton, Splunk ID: c77faffe-1339-43b0-b870-86582da9063e

Apps:

Associated Detections

How To Implement

This input playbook requires the SAA API connector to be configured. It is designed to work in conjunction with the Dynamic Attribute Lookup playbook or other playbooks in the same style.

Explore Playbook

explore

Required fields

Reference

source | version: 1